DETAILED ACTION

Response to Amendment 

1. The amendment filed on 01/09/2009 has been considered for claims 1-25 and is
effective to overcome Droms in view of Donaldson references for claims 1-17. However 
a new ground(s) of rejection has been made in view of Droms and a newly found Green 
et al reference and therefore the rejection communicated via previous office action has 
been withdrawn. Rejection follows. 

2. Claims 1-25 are pending in the application.

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claim(s) 1-8 are rejected under 35 U.S.C. 101 as not falling within one of
the four statutory categories of invention. While the claims recite a series of
steps or acts to be performed, a statutory "process" under 35 U.S.C. 101 must
(1) be tied to particular machine, or (2) transform underlying subject matter (such
as an article or material) to a different state or thing. See In re Bilski, 88 USPQ2d
1385, 1391 (Fed. Cir. 2008). The instant claims are neither positively tied to a
particular machine that accomplishes the claimed method steps nor transform
underlying subject matter, and therefore do not qualify as a statutory process.

The method including steps as recited in claims 1-8 is broad enough that 
the claim could be completely performed mentally, verbally or without a machine 
nor is any transformation apparent. Therefore appropriate corrections are 
required to claims 1-8. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-3, 5-11, 13-17 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Droms et al [US Pat: 7,143,435] in view of Green et al [US Pub: 
2004/0193918]. 

Regarding claim 1, Droms et al in the invention of "Method and Apparatus for
Registering Auto-Configured Network Addresses Based on Connection Authentication"
disclosed a method of developing an access control list, comprising: developing an
enhanced access control list (item 146 of Fig 1) including data related to at least one of
user names (user groups), DNS names (URL), Windows domain names (domain
names), and physical addresses (col 8, lines 30-62); Droms disclosed maintaining 
hosts/clients IP addresses corresponding to the domain names in ACL translated by the 
domain name server (col 9, lines 1-27, col 12, lines 50-67, col 13, lines 1-24) and a 
map of IP address to physical address (MAC) for physical connection in DHCP server 
(col 10, lines 16-32, col 12, lines 21-32) and Droms further suggested these 
functionalities can be executed on the same host in one or more processors (col 9, 
lines 28-33). Therefore it would have been obvious to combine the functions from 
multiple tables into an enhanced ACL in the gateway (item 146 of Fig 1) for converting 
DNS names into corresponding IP and physical addresses (MAC address) according to 
data in the enhanced access control list. Droms disclosed developing the access control 
list from each of the operations of converting (col 6, lines 13-67, col 7, lines 1-9, col 9, 
lines 9-27), but fails to disclose converting at least one of user names into 
corresponding IP address. However, Green et al in the invention of "Apparatus and 
Method for Network Vulnerability Detection and Compliance Assessment" disclosed a 
method for converting user names into corresponding IP addresses (determine the IP 
address from DNS, para 0065). 

Therefore it would have been obvious for one of ordinary skill in the art at the
time the invention was made to include the method of converting user names into
corresponding IP address as taught by Green et al in the system of Droms et al to
convert user names and physical addresses into IP addresses. One is motivated as such
in order to determine an IP address with minimum latency to route an information
packet based on user name and physical address.

Regarding claim 2, Droms et al disclosed storing the user names and 
corresponding IP addresses in a mapping state database that defines current 
relationships among user names (col 7, lines 24-35), DNS names, domain names (col 
12, lines 21-32), and physical addresses (col 11, lines 20-28, col 16, lines 1-19). 

Regarding claims 3, 11, Droms et al disclosed that each physical address
comprises a MAC address (col 10, lines 16-23, col 16, lines 1-19). 

Regarding claim 13, Droms et al disclosed mapping user names into 
physical addresses comprises: detecting login packets (authentication, user ID and 
password) being communicated over the network; determining a MAC address from 
the login packets (col 2, lines 17-37, col 12, lines 50-67); 

Regarding claims 5-6, 14, Droms et al disclosed converting DNS names into
corresponding IP addresses according to data in the enhanced access control list
comprises: detecting packets having an unknown source IP address (col 9, lines 14-24);
generating a DNS name query using the source IP address (col 9, lines 24-27);
receiving a DNS name associated with the IP address responsive to the query; and
developing records in the access control list using the obtained IP address for the
respective DNS name (col 8, lines 30-62) and occasionally generating new DNS name
queries for the source IP address and thereafter repeating the operations of receiving
and developing to update the access control list (col 12, lines 21-33; col 12, lines
50-67).

Regarding claims 7, 15, Droms et al disclosed occasionally receiving the DNS
name associated with the IP address and thereafter repeating the operation of 
developing to update the access control list (col 12, lines 66-67, col 13, lines 1-9). 

Regarding claims 8, 17, Droms et al disclosed converting physical addresses
into IP addresses according to data in the enhanced access control list comprises: 
monitoring DHCP packets communicated over the network (col 13, lines 10-15); 
obtaining an IP address assigned to a particular physical address from the monitored 
DHCP packets (col 11, lines 20-24); and developing records in the access control list 
using the obtained IP address assigned to a respective physical address (col 11, lines 
25-36). Droms disclosed maintaining hosts/clients IP addresses corresponding to the 
domain names in ACL translated by the domain name server (col 9, lines 1-27, col 12, 
lines 50-67, col 13, lines 1-24) and a map of IP address to physical address (MAC) for 
physical connection in DHCP server (col 10, lines 16-32, col 12, lines 21-32) and 
Droms further suggested these functionalities can be executed on the same host in one 
or more processors (col 9, lines 28-33). Therefore it would have been obvious to 
combine the functions from multiple tables into an enhanced ACL in the gateway (item 
146 of Fig 1) for converting DNS names into corresponding IP and physical addresses 
(MAC address) according to data in the enhanced access control list. 

Regarding claims 9-10, Droms et al disclosed a method of controlling access of a 
user to a network including a plurality of hosts coupled together through a network 
switch (item 102 of Fig 1), the method comprising: storing in the network switch an 
enhanced access control list containing data related to at least one of user names (user 
groups, col 7, lines 24-35), DNS names (URL), Windows domain names (domain
names), and physical addresses (col 9, lines 14-17, col 11, lines 20-28, col 12, lines 
28-31, lines 50-67, col 13, lines 1-24); and generating a dynamic access control list 
from the enhanced access control list, the dynamic access control list containing a 
plurality of IP addresses that restrict access of the user to the network (col 16, lines 21-32)
and mapping user names to physical addresses; mapping physical addresses to IP
addresses (col 10, lines 16-32); mapping unknown IP addresses to physical 
addresses; and mapping unknown IP addresses to DNS names (col 8, lines 30-62, col 
11, lines 3-10); and applying rules set forth in the enhanced access control list relating 
to controlling access of a user to the addresses determined by the operations of 
mapping to generate the access control list (col 6, lines 13-67, col 7, lines 1-9, col 9, 
lines 9-27), Droms disclosed maintaining hosts/clients known and unknown IP 
addresses corresponding to the domain names in ACL translated by the domain name 
server (col 9, lines 1-27, col 12, lines 50-67, col 13, lines 1-24) and a map of known 
and unknown IP address to physical address (MAC) for physical connection in DHCP 
server (col 10, lines 16-32, col 11, lines 3-10, col 12, lines 21-32) and Droms further 
suggested these functionalities can be executed on the same host in one or more 
processors (col 9, lines 28-33). Therefore it would have been obvious to combine the 
functions from multiple tables into an enhanced ACL in the gateway (item 146 of Fig 1) 
for converting DNS names into corresponding IP and physical addresses (MAC 
address) according to data in the enhanced access control list and generating the 
dynamic access control list, but Droms fails to disclose the feature of mapping user 
names to IP addresses. However, Green et al disclosed a method for converting user
names into corresponding IP addresses (determine the IP address from DNS, para 
0065). 

Therefore it would have been obvious for one of ordinary skill in the art at the
time the invention was made to include the method of converting user names into
corresponding IP address as taught by Green et al in the system of Droms et al to
convert user names and physical addresses into IP addresses. One is motivated as such
in order to determine an IP address with minimum latency to route an information
packet based on user name and physical address.

Regarding claim 16, Droms et al disclosed mapping unknown IP addresses to
physical addresses comprises detecting packets having an unknown source IP address 
(col 13, lines 1-18). 

Response to Arguments 

6. Applicant's argument, see remarks, filed on 01/09/2009, with respect to rejection
of claims 1-17 have been fully considered and are persuasive for claims 1-17. Therefore
the rejection communicated via previous office action in view of Droms and Donaldson
for claims 1-17 has been withdrawn. However a new ground(s) of rejection has been
made in this office action in view of Droms and a newly found Green et al reference.

With respect to applicant's argument that Droms fails to teach enhanced or
dynamic access control list as claimed in claims 1 and 9, however the examiner
respectfully disagrees as Droms disclosed generating or developing access control lists
to support both IPv4 and enhanced IPv6 internet protocol and performing AAA functions
with RADIUS and DHCP servers for automatic configuration of hosts, clients or users in
the network (col 6, lines 13-67, col 7, lines 1-9, col 9, lines 9-27) and this dynamic
configuration of access control lists is well known in the art and therefore the response
to arguments over Droms is maintained in this office action.

With respect to applicant's argument for claims 1, 9 dependent claims, that
Droms does not teach or suggest storing in the network switch enhanced access control 
list including data related to at least one of user names, DNS names, Windows domain 
names, and physical addresses. However, the examiner respectfully disagrees and 
points applicants to the reference, where Droms disclosed a method where gateway 
(item 145 of Fig 1) which stores and maintains the access control list checks the source
IP address in the message sent by the host via the network switch (item 102 of Fig 1) 
and further disclosed a method for checking the message for user names (user 
identification) and URL (domain names) by the DNS to process the request from host 
(col 12, lines 50-67, col 13, lines 1-24, Figs 1-2). 

With respect to applicant's argument for independent claims 1, 9 and dependent
claims, that Droms does not teach or suggest a method of developing an access control 
list, however, the examiner respectfully disagrees and points applicants to reference, 
where Droms disclosed a method for maintaining the access list and further disclosed 
adding IP addresses to the list for controlling the access (col 13, lines 1-24) to process 
the requests from hosts. 

With respect to applicant's argument for independent claims 1, 9 and dependent
claims, that Droms does not teach or suggest converting user names into corresponding 
IP and physical addresses according to data in the enhanced access control list. 
However, the examiner respectfully disagrees and points applicants to reference, where 
Droms disclosed mapping (converting) physical address (MAC) and logical addresses 
(IP) for identifying the source and destination address of the request and response 
messages that is processed by the gateway (col 15, lines 60-67, col 16, lines 1-61). It is 
also well known in the art that such mapping of physical to logical address (or vice-versa)
to convert physical to logical address in access lists to route the response
messages during authentication and authorization process. 


Allowable Subject Matter 

7. a) Claims 18-25 are allowed over prior art.

The prior art fails to teach and render obvious the limitations for a network 
switching circuit as claimed in claims 18 and 22: 

"provide the specific packets on a processor port, and further operable to 
receive packets on one of a plurality of ports including the processor port and to 
forward each received packet to a port corresponding to a destination address 
contained in the packet subject to access restrictions contained in a dynamic 
access control list; a memory circuit coupled to the forwarding circuit, the 


Application/Control Number: 10/822,048 Page 11

Art Unit: 2419 

memory circuit operable to store packets and operable to store an enhanced 
access control list and a dynamic access control list;" 

Claims 4, 12 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

The prior art fails to teach and render obvious the limitations of claims 
4, 12 for developing an access control list, wherein converting user names into
corresponding IP and physical addresses according to data in the enhanced 
access control list comprises: detecting login packets being communicated over 
the network; determining a MAC address from the login packets; detecting server 
message block login packets being communicated over the network; determining 
an IP address from the server message block login packets; and developing 
records in the access control list using the obtained IP address for the respective 
user name. 

However for claim 4, the rejection made under 35 U.S.C. 101 in this office
action for claims 1-8 must be overcome in order for the allowability of claim 4. 

Conclusion 


8. Any inquiry concerning this communication or earlier communications should be
directed to the attention of Venkatesh Haliyur whose phone number is 571-272-8616.
The examiner can normally be reached on Monday-Friday from 9:00 AM to 5:00 PM. If
attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Edan Orgad can be reached @ (571)-272-7884. Any inquiry of a general
nature or relating to the status of this application or proceeding should be directed to the
group receptionist whose telephone number is (571)-272-2600 or fax to 571-273-8300.

9. Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov . Should you
have questions on access to the Private PAIR system, contact the Electronic Business
Center (EBC) at 866-217-9197 (toll-free).

/Venkatesh Haliyur/
Examiner, Art Unit 2419 

/Daniel J. Ryman/ 

Supervisory Patent Examiner, Art Unit 2419 


